Play Framework’s apache config “guide” suggests including in Apache’s config:
ProxyPreserveHost On
Why is that? Why is it useful?
From Apache’s documentation:
When enabled, this option will pass the Host: line from the incoming
request to the proxied host, instead of the hostname specified in the
proxypass line.This option should normally be turned Off. It is mostly useful in
special configurations like proxied mass name-based virtual hosting,
where the original Host header needs to be evaluated by the backend
server.
The
ProxyPreserveHostoption makes your application appear to be directly exposed to outside world, as said in Play Framework documentation. When it is enabled, Apache will set the host header to that of the original request, instead of the one set in proxy settings.This is useful whenever you have any use for the request host information inside your Play application. I don’t think it is too difficult to come up with scenarios where this might be the case. For example, you could build stronger security measures by keeping an eye on the request host, and see that it doesn’t change unexpectedly when it shouldn’t, to prevent session hi-jacking (not saying that would necessarily be the wisest way of doing it – it’s just an example).